Hi Ken,

/etc/aws/keys/ssl/https.crt and /etc/aws/keys/ssl/https.key are the default paths for the SSL certificate and key respectively, as they usually come from /etc/nginx/https.include. But since you have edited your nginx vhost template, they shouldn't be there anymore.
Now I can see you have sorted this out. Do you still need help?

Nick

2009/8/12 kenja <[email protected]>:
>
> Looking at the console log I see the following error:
>
> Starting nginx: 2009/08/12 13:25:39 [emerg] 1897#0:
> SSL_CTX_use_certificate_chain_file("/etc/aws/keys/ssl/https.crt")
> failed (SSL: error:02001002:system library:fopen:No such file or
> directory error:20074002:BIO routines:FILE_CTRL:system lib error:
> 140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:sy)
>
> I can't figure out where the /etc/aws/keys/ssl/https.crt path is
> coming from, as it is not present in nginx.conf or the Vhost template
> area.
>
> On Aug 12, 10:45 am, kenja <[email protected]> wrote:
>> It looks like the www server finally says "running" instead of
>> "initializing", but it still isn't working. I've tried pointing my
>> browser directly to the IP address of the front-end and it won't
>> load.
>>
>> On Aug 12, 10:42 am, kenja <[email protected]> wrote:
>>
>> > I've been having trouble with SSL on my farm lately. While we've
>> > specified only SSLV3, the nginx server is allowing SSLV2 and lower.
>> > In trying to resolve the problem, I edited the www role to remove the
>> > "Nginx HTTPS Vhost Template: " section within the parameters tab. I
>> > then copied that code into the standard nginx.conf and restarted
>> > nginx.
>> >
>> > It didn't work, so I reverted back to the original settings with the
>> > old nginx.conf and the old code in the "Nginx HTTPS Vhost Template: "
>> > section. However, that didn't work either! I rebooted the www
>> > instance and that didn't work. I then terminated the instance and
>> > waited for the new one to come up and now it is indefinitely saying
>> > "initializing". I haven't rebooted the server since the new version
>> > of Scalr was released, so I'm not sure what is going on.
>> >
>> > The farm - 1239 - is down hard and I have no idea how to bring it back
>> > up or what is causing the server to initialize indefinitely. Can
>> > someone help take a look and help me get it back up?
>> >
>> > The code in the Vhost Template section is:
>> >
>> > {literal}server { {/literal}
>> >     listen 443;
>> >     server_name {$host} www.{$host} {$server_alias};
>> >
>> >     ssl on;
>> >     ssl_certificate /etc/nginx/certs/www.myserver.com.crt;
>> >     ssl_certificate_key /etc/nginx/certs/www.myserver.com.key;
>> >     ssl_session_timeout 10m;
>> >     ssl_session_cache shared:SSL:10m;
>> >     ssl_protocols SSLv3;
>> >     ssl_ciphers HIGH:!ADH;
>> >     ssl_prefer_server_ciphers on;
>> >
>> > {literal}
>> >     location / {
>> >         proxy_pass http://backend;
>> >         proxy_set_header Host $host;
>> >         proxy_set_header X-Real-IP $remote_addr;
>> >         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> >         client_max_body_size 10m;
>> >         client_body_buffer_size 128k;
>> >         proxy_buffering on;
>> >         proxy_connect_timeout 15;
>> >         proxy_intercept_errors on;
>> >
>> >     }
>> > } {/literal}
>> >
>> > My standard nginx.conf is:
>> >
>> > user www-data;
>> > worker_processes 4;
>> >
>> > error_log /var/log/nginx/error.log;
>> > pid /var/run/nginx.pid;
>> >
>> > events {
>> >     worker_connections 4096;
>> >
>> > }
>> >
>> > http {
>> >     include /etc/nginx/mime.types;
>> >     default_type application/octet-stream;
>> >
>> >     access_log /var/log/nginx/access.log;
>> >
>> >     sendfile on;
>> >
>> >     keepalive_timeout 0;
>> >     tcp_nodelay on;
>> >
>> >     include /etc/nginx/app-servers.include;
>> >
>> >     server {
>> >         listen 80;
>> >
>> >         if ( $remote_addr = 127.0.0.1 ) {
>> >             rewrite ^(.*)$ /500.html last;
>> >             return 302;
>> >         }
>> >
>> >         if (-f /var/www/nginx-errors/maintenanceMode-enabled.html) {
>> >             rewrite ^(.*)$ /maintenancePage.html last;
>> >             return 503;
>> >         }
>> >
>> >         location / {
>> >             rewrite ^/my-account(.*) https://www.myserver.com/my-account$1 permanent;
>> >             rewrite ^/login(.*) https://www.myserver.com/login$1 permanent;
>> >             rewrite ^/administrator(.*) https://www.myserver.com/administrator$1 permanent;
>> >             rewrite ^/individuals/sign-up(.*) https://www.myserver.com/individuals/sign-up$1 permanent;
>> >             rewrite ^/index.php/component/user/(.*) https://www.myserver.com/index.php/component/user/$1 permanent;
>> >
>> >             proxy_pass http://backend;
>> >             proxy_buffering on;
>> >
>> >             proxy_set_header Host $host;
>> >             proxy_set_header X-Real-IP $remote_addr;
>> >             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> >             proxy_set_header HTTPS off;
>> >
>> >             error_page 500 501 = /500.html;
>> >             error_page 502 503 504 = /502.html;
>> >             error_page 404 = /404.html;
>> >         }
>> >
>> >         location /maintenancePage.html {
>> >             root /var/www/nginx-default;
>> >         }
>> >
>> >         location /500.html {
>> >             root /var/www/nginx-default;
>> >         }
>> >
>> >         location /502.html {
>> >             root /var/www/nginx-default;
>> >         }
>> >
>> >         location /404.html {
>> >             root /var/www/nginx-default;
>> >         }
>> >
>> >     }
>> >
>> > }
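
An added example, not part of the original thread and not Scalr's own code: a small Python script for the question raised in the quoted message (where does a certificate path come from when it is not in nginx.conf?). It follows nginx include directives and reports every ssl_certificate, ssl_certificate_key and ssl_protocols directive with its file and line, marking certificate files that do not exist. It assumes absolute include paths, as in the nginx.conf above; the directory layout built in demo() is constructed.

```python
import glob
import os
import re
import tempfile

INCLUDE = re.compile(r'^\s*include\s+([^;]+);')
SSL_DIRECTIVE = re.compile(r'^\s*(ssl_certificate(?:_key)?|ssl_protocols)\s+([^;]+);')

def trace_ssl_directives(conf_path, seen=None):
    """Follow include directives starting at conf_path and return a list of
    (file, line_no, directive, value, file_exists) for each SSL directive."""
    seen = set() if seen is None else seen
    real = os.path.realpath(conf_path)
    if real in seen or not os.path.isfile(real):
        return []
    seen.add(real)
    found = []
    with open(real) as fh:
        for no, line in enumerate(fh, 1):
            line = line.split('#', 1)[0]          # drop trailing comments
            inc = INCLUDE.match(line)
            if inc:                               # nginx includes may use wildcards
                for path in sorted(glob.glob(inc.group(1).strip())):
                    found += trace_ssl_directives(path, seen)
                continue
            m = SSL_DIRECTIVE.match(line)
            if m:
                name, value = m.group(1), m.group(2).strip()
                exists = None if name == 'ssl_protocols' else os.path.isfile(value)
                found.append((real, no, name, value, exists))
    return found

def demo():
    """Constructed layout: nginx.conf pulls in an https.include whose
    certificate path does not exist, as in the [emerg] error above."""
    d = tempfile.mkdtemp()
    inc = os.path.join(d, 'https.include')
    missing = os.path.join(d, 'keys', 'https.crt')
    with open(inc, 'w') as fh:
        fh.write('server {\n  listen 443;\n  ssl_certificate %s;\n'
                 '  ssl_protocols SSLv3;\n}\n' % missing)
    main = os.path.join(d, 'nginx.conf')
    with open(main, 'w') as fh:
        fh.write('http {\n  include %s;\n}\n' % inc)
    return trace_ssl_directives(main)

if __name__ == '__main__':
    for f, no, name, value, exists in demo():
        flag = '  <-- file missing' if exists is False else ''
        print('%s:%d: %s %s%s' % (f, no, name, value, flag))
```

On a real host, call trace_ssl_directives('/etc/nginx/nginx.conf') before restarting nginx, so a stale include that still points at a removed certificate is caught first.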
